chapter 2 lan redundancy -...

Chapter 2 — LAN Redundancy14

Chapter 2 — LAN Redundancy2.0.1.2 Class Activity – Stormy Traffic ( )

ObjectiveExplain the purpose of the Spanning Tree Protocol (STP) in a switched LAN environment with redundant switch links.

Notes:

• Spanning Tree Protocol (STP) and its variations are the focus of this chapter. This modeling activity is designed to help students realize that a switched network can be shaped using STP or its variations.

• This activity can be completed individually, in small groups, or as a class.

ScenarioIt is your first day on the job as a network administrator for a small- to medium-sized business. The previous network administrator left suddenly after a network upgrade took place for the business.

During the upgrade, a new switch was added. Since the upgrade, many employees complain that they are having trouble accessing the Internet and servers on your network. In fact, most of them cannot access the network at all. Your corporate manager asks you to immediately research what could be causing these con-nectivity problems and delays.

So you take a look at the equipment operating on your network at your main distribution facility in the building. You notice that the network topology seems to be visually correct and that cables have been connected cor-rectly, routers and switches are powered on and operational, and switches are connected together to provide backup or redundancy.

However, one thing you do notice is that all of your switches’ status lights are constantly blinking at a very fast pace to the point that they almost appear solid. You think you have found the problem with the connectivity issues your employees are experiencing.

Use the Internet to research STP. As you research, take notes and describe:

• Broadcast storm

• Switching loops

• The purpose of STP

• Variations of STP

Complete the reflection questions that accompany the PDF file for this activity. Save your work and be pre-pared to share your answers with the class.

Resources• Internet access to the World Wide Web

Reflection1. What is a definition of a broadcast storm? How does a broadcast storm develop?

_______________________________________________________________________________________ A broadcast storm develops when switches forward traffic out of all ports while looking for a destination for the traffic. It develops when switches continuously forward traffic between themselves without time to block interfaces on the switches to create one good path to the destination.

Full file at http://testbankonline.eu/Solution-Manual-for-Scaling-Networks-Lab-Manual-by-Cisco-Networking

2.0.1.2 Class Activity – Stormy Traffic (Instructor Version) 15

2. What is a definition of a switching loop? What causes a switching loop?

_______________________________________________________________________________________ A switching loop forms when redundancy is present on switches and the paths formed create a circle of deliv-ery. Packets travel endlessly along the redundant paths, particularly with multicast and broadcast traffic. This causes a myriad of traffic on the network, causing hosts to have problems accessing the network.

3. How can you mitigate broadcast storms and switching loops caused by introducing redundant switches to your network?

_______________________________________________________________________________________ Implement STP or one of its variations. Create VLANs to limit broadcast domains. Check physical connec-tions to make sure that cabling is correct so that switches are not perpetuating broadcasts and routing loops within your network.

4. What is the IEEE standard for STP and some other STP variations, as mentioned in the hyperlinks provided?

_______________________________________________________________________________________ 802.1D (STP), 802.1W (RSTP), and 802.1I (MST)

5. In answer to this scenario, what would be your first step (after visually checking your network) to correcting the described network problem?

_______________________________________________________________________________________ Three answers would be appropriate for this question.

• A network protocol analyzer could be used to check and map network traffic, thus identifying what kind of network problem is present.

• Removing the new switch and its cables to isolate the problem might be a troubleshooting step.

• Checking each switch to make sure that STP is operational is another possible troubleshooting step.

Identify elements of the model that map to IT-related content: • Spanning Tree Protocol (STP)

• Broadcast storms

• Switching loops

• IEEE STP standards (802.1D, 802.1S, 802.1I)



2.1.2.10 Lab – Building a Switched Network with Redundant Links

Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet MaskS1 VLAN 1 192.168.1.1 255.255.255.0S2 VLAN 1 192.168.1.2 255.255.255.0S3 VLAN 1 192.168.1.3 255.255.255.0

Objectives

Part 1: Build the Network and Configure Basic Device Settings

Part 2: Determine the Root Bridge

Part 3: Observe STP Port Selection Based on Port Cost

Part 4: Observe STP Port Selection Based on Port Priority

Background / Scenario

Redundancy increases the availability of devices in the network topology by protecting the network from a single point of failure. Redundancy in a switched network is accomplished through the use of multiple switch-es or multiple links between switches. When physical redundancy is introduced into a network design, loops and duplicate frames can occur.

The Spanning Tree Protocol (STP) was developed as a Layer 2 loop-avoidance mechanism for redundant links in a switched network. STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.

In this lab, you will use the show spanning-tree command to observe the STP election process of the root bridge. You will also observe the port selection process based on cost and priority.


2.1.2.10 Lab – Building a Switched Network with Redundant Links (Instructor Version) 17

Note: The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other switches and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the com-mands available and output produced might vary from what is shown in the labs.

Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources• 3 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)

• Console cables to configure the Cisco IOS devices via the console ports

• Ethernet cables as shown in the topology

Part 1: Build the Network and Configure Basic Device SettingsIn Part 1, you will set up the network topology and configure basic settings on the switches.

Step 1: Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Initialize and reload the switches as necessary.

Step 3: Configure basic settings for each switch.

a. Disable DNS lookup.

b. Configure the device name as shown in the topology.

c. Assign class as the encrypted privileged EXEC mode password.

d. Assign cisco as the console and vty passwords and enable login for console and vty lines.

e. Configure logging synchronous for the console line.

f. Configure a message of the day (MOTD) banner to warn users that unauthorized access is prohibited.

g. Configure the IP address listed in the Addressing Table for VLAN 1 on all switches.

h. Copy the running configuration to the startup configuration.

Step 4: Test connectivity.

Verify that the switches can ping one another.

Can S1 ping S2? _________ Yes



Troubleshoot until you are able to answer yes to all questions.



Part 2: Determine the Root BridgeEvery spanning-tree instance (switched LAN or broadcast domain) has a switch designated as the root bridge. The root bridge serves as a reference point for all spanning-tree calculations to determine which re-dundant paths to block.

An election process determines which switch becomes the root bridge. The switch with the lowest bridge identifier (BID) becomes the root bridge. The BID is made up of a bridge priority value, an extended system ID, and the MAC address of the switch. The priority value can range from 0 to 65,535, in increments of 4,096, with a default value of 32,768.

Step 1: Deactivate all ports on the switches.

S1(config)# interface range f0/1-24, g0/1-2

S1(config-if-range)# shutdown

S1(config-if-range)# end







Step 2: Configure connected ports as trunks.

S1(config)# interface range f0/1-4

S1(config-if-range)# switchport mode trunk








Step 3: Activate ports F0/2 and F0/4 on all switches.

S1(config)# interface range f0/2, f0/4



S1(config-if-range)# no shutdown








Step 4: Display spanning tree information.

Issue the show spanning-tree command on all three switches. The Bridge ID Priority is calculated by adding the priority value and the extended system ID. The extended system ID is always the VLAN number. In the example below, all three switches have equal Bridge ID Priority values (32769 = 32768 + 1, where default pri-ority = 32768, VLAN number = 1); therefore, the switch with the lowest MAC address becomes the root bridge (S2 in the example).

S1# show spanning-tree

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 32769

Address 0cd9.96d2.4000

Cost 19

Port 2 (FastEthernet0/2)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0cd9.96e8.8a00


Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/2 Root FWD 19 128.2 P2p

Fa0/4 Altn BLK 19 128.4 P2p


VLAN0001






This bridge is the root





Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------

Fa0/2 Desg FWD 19 128.2 P2p



VLAN0001




Cost 19




Address 0cd9.96e8.7400


Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



Note: The default STP mode on the 2960 switch is Per VLAN Spanning Tree (PVST).

In the diagram below, record the Role and Status (Sts) of the active ports on each switch in the Topology.



Based on the output from your switches, answer the following questions.

Which switch is the root bridge? ____________ Answers will vary, the above output shows S2 as the root bridge.

Why did spanning tree select this switch as the root bridge?

_______________________________________________________________________________________

The root bridge was chosen because it had the lowest bridge ID (Priority value + extended system ID (VLAN) + MAC address of switch).

Which ports are the root ports on the switches? _________________________ Answers will vary, the above output shows S1 – F0/2, and S3 – F0/2.

Which ports are the designated ports on the switches? __________________________ Answers will vary, the above output shows S2 – F0/2 and F0/4, S3 – F0/4

What port is showing as an alternate port and is currently being blocked? _________________ Answers will vary, the above output shows S1 – F0/4.

Why did spanning tree select this port as the non-designated (blocked) port?

_______________________________________________________________________________________

_______________________________________________________________________________________

_______________________________________________________________________________________

_______________________________________________________________________________________

The spanning tree algorithm (STA) uses the root bridge as the reference point and then determines which ports to block based on path cost. If path costs are equal it then compares BIDs. Lower numbers are pre-ferred. In the output above, the link between S1 and S3 has the highest cost to the root bridge. The path cost through both switches is the same, so STA selected the path through the switch with the lower BID, and blocked the port (F0/4) on the switch with the higher BID (S1).



Part 3: Observe STP Port Selection Based on Port CostThe spanning tree algorithm (STA) uses the root bridge as the reference point and then determines which ports to block, based on path cost. The port with the lower path cost is preferred. If port costs are equal, then spanning tree compares BIDs. If the BIDs are equal, then the port priorities are used to break the tie. Lower values are always preferred. In Part 3, you will change the port cost to control which port is blocked by span-ning tree.

Step 1: Locate the switch with the blocked port.

With the current configuration, only one switch should have a port that is blocked by STP. Issue the show spanning-tree command on both non-root switches. In the example below, spanning tree is blocking port F0/4 on the switch with the highest BID (S1).


VLAN0001




Cost 19






Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------




VLAN0001




Cost 19








Aging Time 15 sec


------------------- ---- --- --------- -------- --------------------------------



Note: Root bridge and port selection may differ in your topology.

Step 2: Change port cost.

In addition to the blocked port, the only other active port on this switch is the port designated as the root port. Lower the cost of this root port to 18 by issuing the spanning-tree cost 18 interface configuration mode com-mand.

S1(config)# interface f0/2

S1(config-if)# spanning-tree cost 18

Step 3: Observe spanning tree changes.

Re-issue the show spanning-tree command on both non-root switches. Observe that the previously blocked port (S1 - F0/4) is now a designated port and spanning tree is now blocking a port on the other non-root switch (S3 - F0/4).


VLAN0001




Cost 18






Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------






VLAN0001




Cost 19






Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



Why did spanning tree change the previously blocked port to a designated port, and block the port that was a designated port on the other switch?

_______________________________________________________________________________________

STP looks at path cost first. The port with the lower path cost will always be preferred over a port with a higher path cost.

Step 4: Remove port cost changes.

a. Issue the no spanning-tree cost 18 interface configuration mode command to remove the cost state-ment that you created earlier.


S1(config-if)# no spanning-tree cost 18

b. Re-issue the show spanning-tree command to verify that STP has reset the port on the non-root switches back to the original port settings. It takes approximately 30 seconds for STP to complete the port transition process.

Part 4: Observe STP Port Selection Based on Port PriorityIf port costs are equal, then spanning tree compares BIDs. If the BIDs are equal, then the port priorities are used to break the tie. The default port priority value is 128. STP aggregates the port priority with the port number to break ties. Lower values are always preferred. In Part 4, you will activate redundant paths to each switch to observe how STP selects a port using the port priority.

a. Activate ports F0/1 and F0/3 on all switches.












b. Wait 30 seconds for STP to complete the port transition process, and then issue the show spanning-tree command on the non-root switches. Observe that the root port has moved to the lower numbered port linked to the root switch, and blocked the previous root port.


VLAN0001




Cost 19






Aging Time 15 sec


------------------- ---- --- --------- -------- --------------------------------






VLAN0001






Cost 19






Aging Time 15 sec


------------------- ---- --- --------- -------- --------------------------------





What port did STP select as the root port on each non-root switch? _________________________________

Answers will vary, but in the example above S1 – F0/1, and S3 – F0/1.

Why did STP select these ports as the root port on these switches?

_______________________________________________________________________________________

_______________________________________________________________________________________

The default port value of the ports is 128; therefore, STP used the port number to break the tie. It selected the lower port number as the root port, and blocked the higher-numbered port with the redundant path to the root bridge.

Reflection

1. After a root bridge has been selected, what is the first value STP uses to determine port selection?

_______________________________________________________________________________________

Path cost. It selects the path with the lower accumulated cost.

2. If the first value is equal on the two ports, what is the next value that STP uses to determine port selection?

_______________________________________________________________________________________

BID by selecting the lower value.

3. If both values are equal on the two ports, what is the next value that STP uses to determine port selection?

_______________________________________________________________________________________

An aggregation of the port priority and the port number, the lower value is preferred.



Device Configs - Final

Switch S1S1# show run

Building configuration...

Current configuration : 1829 bytes

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname S1

!

boot-start-marker

boot-end-marker

!

enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2

!

no aaa new-model

system mtu routing 1500

!

no ip domain-lookup

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode trunk

!



!



!





!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!




shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!

interface GigabitEthernet0/1

shutdown

!


shutdown

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

!

ip http server

ip http secure-server

!

!

banner motd ^C Unauthorized Access is Prohibited! ^C

!

line con 0

password cisco



logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end




!

version 15.0

no service pad




!

hostname S2

!

boot-start-marker

boot-end-marker

!


!

no aaa new-model


!

no ip domain-lookup

!



!


!





!



!



!



!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!




shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!

interface Vlan1

ip address 192.168.1.2 255.255.255.0



!

ip http server


!


!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end




!

version 15.0

no service pad




!

hostname S3

!

boot-start-marker

boot-end-marker

!


!

no aaa new-model




!

!

no ip domain-lookup

!



!


!



!



!



!



!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!




shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown



!


shutdown

!


shutdown

!

interface Vlan1

ip address 192.168.1.3 255.255.255.0

!

ip http server


!


!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end


2.3.2.3 Lab – Configuring Rapid PVST+, PortFast, and BPDU Guard (Instructor Version) 37

2.3.2.3 Lab – Configuring Rapid PVST+, PortFast, and BPDU GuardNote: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet MaskS1 VLAN 99 192.168.1.11 255.255.255.0S2 VLAN 99 192.168.1.12 255.255.255.0S3 VLAN 99 192.168.1.13 255.255.255.0PC-A NIC 192.168.0.2 255.255.255.0PC-C NIC 192.168.0.3 255.255.255.0

VLAN Assignments

VLAN Name10 User99 Management

Objectives

Part 1: Build the Network and Configure Basic Device Settings

Part 2: Configure VLANs, Native VLAN, and Trunks

Part 3: Configure the Root Bridge and Examine PVST+ Convergence

Part 4: Configure Rapid PVST+, PortFast, BPDU Guard, and Examine Convergence




The Per-VLAN Spanning Tree (PVST) protocol is Cisco proprietary. Cisco switches default to PVST. Rapid PVST+ (IEEE 802.1w) is an enhanced version of PVST+ and allows for faster spanning-tree calculations and convergence in response to Layer 2 topology changes. Rapid PVST+ defines three port states: discarding, learning, and forwarding, and provides multiple enhancements to optimize network performance.

In this lab, you will configure the primary and secondary root bridge, examine PVST+ convergence, configure Rapid PVST+ and compare its convergence to PVST+. In addition, you will configure edge ports to transition immediately to a forwarding state using PortFast and prevent the edge ports from forwarding BDPUs using BDPU guard.

Note: This lab provides minimal assistance with the actual commands necessary for configuration. However, the required commands are provided in Appendix A. Test your knowledge by trying to configure the devices without referring to the appendix.

Note: The switches used with CCNA hands-on labs are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other switches and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and output produced might vary from what is shown in the labs.

Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources• 3 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)

• 2 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)


• Ethernet cables as shown in the topology

Part 1: Build the Network and Configure Basic Device SettingsIn Part 1, you will set up the network topology and configure basic settings, such as the interface IP address-es, device access, and passwords.


Step 2: Configure PC hosts.

Step 3: Initialize and reload the switches as necessary.



b. Configure the device name as shown in the Topology.

c. Assign cisco as the console and vty passwords and enable login.

d. Assign class as the encrypted privileged EXEC mode password.

e. Configure logging synchronous to prevent console messages from interrupting command entry.



f. Shut down all switch ports.

g. Copy the running configuration to startup configuration.

Part 2: Configure VLANs, Native VLAN, and TrunksIn Part 2, you will create VLANs, assign switch ports to VLANs, configure trunk ports, and change the native VLAN for all switches.

Note: The required commands for Part 2 are provided in Appendix A. Test your knowledge by trying to config-ure the VLANs, native VLAN, and trunks without referring to the appendix.

Step 1: Create VLANs.

Use the appropriate commands to create VLANs 10 and 99 on all of the switches. Name VLAN 10 as User and VLAN 99 as Management.

S1(config)# vlan 10

S1(config-vlan)# name User

S1(config-vlan)# vlan 99

S1(config-vlan)# name Management

S2(config)# vlan 10




S3(config)# vlan 10




Step 2: Enable user ports in access mode and assign VLANs.

For S1 F0/6 and S3 F0/18, enable the ports, configure them as access ports, and assign them to VLAN 10.


S1(config-if)# no shutdown

S1(config-if)# switchport mode access

S1(config-if)# switchport access vlan 10







Step 3: Configure trunk ports and assign to native VLAN 99.

For ports F0/1 and F0/3 on all switches, enable the ports, configure them as trunk ports, and assign them to native VLAN 99.

S1(config)# interface range f0/1,f0/3


S1(config-if)# switchport mode trunk

S1(config-if)# switchport trunk native vlan 99









Step 4: Configure the management interface on all switches.

Using the Addressing Table, configure the management interface on all switches with the appropriate IP ad-dress.

S1(config)# interface vlan 99

S1(config-if)# ip address 192.168.1.11 255.255.255.0





Step 5: Verify configurations and connectivity.

Use the show vlan brief command on all switches to verify that all VLANs are registered in the VLAN table and that the correct ports are assigned.

S1# show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/2, Fa0/4, Fa0/5, Fa0/7



Fa0/8, Fa0/9, Fa0/10, Fa0/11

Fa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/21, Fa0/22, Fa0/23

Fa0/24, Gi0/1, Gi0/2

10 User active Fa0/6

99 Management active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

S2# show vlan brief


---- -------------------------------- --------- -------------------------------


Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24, Gi0/1, Gi0/2

10 User active






S3# show vlan brief


---- -------------------------------- --------- -------------------------------


Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/19

Fa0/20, Fa0/21, Fa0/22, Fa0/23

Fa0/24, Gi0/1, Gi0/2

10 User active Fa0/18








Use the show interfaces trunk command on all switches to verify trunk interfaces.

S1# show interfaces trunk

Port Mode Encapsulation Status Native vlan

Fa0/1 on 802.1q trunking 99


Port Vlans allowed on trunk

Fa0/1 1-4094

Fa0/3 1-4094

Port Vlans allowed and active in management domain

Fa0/1 1,10,99

Fa0/3 1,10,99

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 none

Fa0/3 1,10,99






Fa0/1 1-4094

Fa0/3 1-4094


Fa0/1 1,10,99

Fa0/3 1,10,99


Fa0/1 1,10,99

Fa0/3 1,10,99








Fa0/1 1-4094

Fa0/3 1-4094


Fa0/1 1,10,99

Fa0/3 1,10,99


Fa0/1 1,10,99

Fa0/3 1,10,99

Use the show running-config command on all switches to verify all other configurations.

S1# show running-config



!

version 15.0

no service pad




!

hostname S1

!

boot-start-marker

boot-end-marker

!


!

no aaa new-model




!

no ip domain-lookup

!



!


!


switchport trunk native vlan 99


!


shutdown

!




!


shutdown

!


shutdown

!


switchport access vlan 10

switchport mode access

!


shutdown

!


shutdown

!


shutdown

!




shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!




shutdown

!


shutdown

!


shutdown

!


shutdown

!

interface Vlan1

no ip address

!

interface Vlan99

ip address 192.168.1.11 255.255.255.0

!

ip http server


!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end

What is the default setting for spanning-tree mode on Cisco switches?

_______________________________________________________________________________________

The default spanning-tree mode is PVST+.

Verify connectivity between PC-A and PC-C. Was your ping successful? __________ Yes.

If your ping was unsuccessful, troubleshoot the configurations until the issue is resolved.



Note: It may be necessary to disable the PC firewall to successfully ping between PCs.

Part 3: Configure the Root Bridge and Examine PVST+ ConvergenceIn Part 3, you will determine the default root in the network, assign the primary and secondary root, and use the debug command to examine convergence of PVST+.

Note: The required commands for Part 3 are provided in Appendix A. Test your knowledge by trying to config-ure the root bridge without referring to the appendix.

Step 1: Determine the current root bridge.

Which command allows a user to determine the spanning-tree status of a Cisco Catalyst switch for all VLANs? Write the command in the space provided.

_______________________________________________________________________________________

show spanning-tree

Use the command on all three switches to determine the answers to the following questions:

Note: There are three instances of the spanning tree on each switch. The default STP configuration on Cisco switches is PVST+, which creates a separate spanning tree instance for each VLAN (VLAN 1 and any user-configured VLANs).

What is the bridge priority of switch S1 for VLAN 1? __________ 32769



Which switch is the root bridge? __________ Answers will vary. In this configuration, it is switch S3.

Why was this switch elected as the root bridge?

_______________________________________________________________________________________

By default, spanning tree elects the root bridge based on lowest MAC address.


VLAN0001




Cost 19




Address 0cd9.96e2.3d80




Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



VLAN0010




Cost 19






Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------




VLAN0099




Cost 19






Aging Time 300 sec




------------------- ---- --- --------- -------- --------------------------------




VLAN0001




Cost 19




Address 0cd9.96e8.6f80


Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



VLAN0010




Cost 19






Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------





VLAN0099




Cost 19






Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------




VLAN0001









Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



VLAN0010











Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



Fa0/18 Desg FWD 19 128.18 P2p

VLAN0099









Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



Step 2: Configure a primary and secondary root bridge for all existing VLANs.

Having a root bridge (switch) elected by MAC address may lead to a suboptimal configuration. In this lab, you will configure switch S2 as the root bridge and S1 as the secondary root bridge.

a. Configure switch S2 to be the primary root bridge for all existing VLANs. Write the command in the space provided.

____________________________________________________________________________________

S2(config)# spanning-tree vlan 1,10,99 root primary

b. Configure switch S1 to be the secondary root bridge for all existing VLANs. Write the command in the space provided.

____________________________________________________________________________________



S1(config)# spanning-tree vlan 1,10,99 root secondary

Use the show spanning-tree command to answer the following questions:

What is the bridge priority of S1 for VLAN 1? __________ 28673

What is the bridge priority of S2 for VLAN 1? __________ 24577

Which interface in the network is in a blocking state? _________________________________________ Interface F0/3 on switch S3

S1# show spanning-tree vlan 1

VLAN0001




Cost 19






Aging Time 15 sec


------------------- ---- --- --------- -------- --------------------------------




VLAN0001









Aging Time 15 sec




------------------- ---- --- --------- -------- --------------------------------




VLAN0001




Cost 19






Aging Time 300 sec


------------------- ---- --- --------- -------- --------------------------------



Step 3: Change the Layer 2 topology and examine convergence.

To examine PVST+ convergence, you will create a Layer 2 topology change while using the debug command to monitor spanning-tree events.

a. Enter the debug spanning-tree events command in privileged EXEC mode on switch S3.

S3# debug spanning-tree events

Spanning Tree event debugging is on

b. Create a topology change by disabling interface F0/1 on S3.


S3(config-if)# shutdown

*Mar 1 00:58:56.225: STP: VLAN0001 new root port Fa0/3, cost 38

*Mar 1 00:58:56.225: STP: VLAN0001 Fa0/3 -> listening

*Mar 1 00:58:56.225: STP[1]: Generating TC trap for port FastEthernet0/1









*Mar 1 00:58:56.242: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down

*Mar 1 00:58:56.242: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to down

*Mar 1 00:58:58.214: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to ad-ministratively down

*Mar 1 00:58:58.230: STP: VLAN0001 sent Topology Change Notice on Fa0/3



*Mar 1 00:58:59.220: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

*Mar 1 00:59:11.233: STP: VLAN0001 Fa0/3 -> learning




*Mar 1 00:59:26.240: STP: VLAN0001 Fa0/3 -> forwarding






*Mar 1 00:59:26.248: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

*Mar 1 00:59:26.248: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up

Note: Before proceeding, use the debug output to verify that all VLANs on F0/3 have reached a forward-ing state then use the command no debug spanning-tree events to stop the debug output.

Through which port states do each VLAN on F0/3 proceed during network convergence?

____________________________________________________________________________________

Listening, learning, and forwarding

Using the time stamp from the first and last STP debug message, calculate the time (to the nearest sec-ond) that it took for the network to converge. Hint: The debug timestamp format is date hh.mm.ss:msec.

____________________________________________________________________________________

Answers may vary slightly but convergence time should be approximately 30 seconds.

Part 4: Configure Rapid PVST+, PortFast, BPDU Guard, and Examine Con-vergence

In Part 4, you will configure Rapid PVST+ on all switches. You will configure PortFast and BPDU guard on all access ports, and then use the debug command to examine Rapid PVST+ convergence.



Note: The required commands for Part 4 are provided in Appendix A. Test your knowledge by trying to config-ure the Rapid PVST+, PortFast, and BPDU guard without referring to the appendix.

Step 1: Configure Rapid PVST+.

a. Configure S1 for Rapid PVST+. Write the command in the space provided.

____________________________________________________________________________________

S1(config)# spanning-tree mode rapid-pvst

b. Configure S2 and S3 for Rapid PVST+.



c. Verify configurations with the show running-config | include spanning-tree mode command.

S1# show running-config | include spanning-tree mode

spanning-tree mode rapid-pvst





Step 2: Configure PortFast and BPDU Guard on access ports.

PortFast is a feature of spanning tree that transitions a port immediately to a forwarding state as soon as it is turned on. This is useful in connecting hosts so that they can start communicating on the VLAN instantly, rather than waiting on spanning tree. To prevent ports that are configured with PortFast from forwarding BP-DUs, which could change the spanning tree topology, BPDU guard can be enabled. At the receipt of a BPDU, BPDU guard disables a port configured with PortFast.

a. Configure interface F0/6 on S1 with PortFast. Write the command in the space provided.

____________________________________________________________________________________


S1(config-if)# spanning-tree portfast

b. Configure interface F0/6 on S1 with BPDU guard. Write the command in the space provided.

____________________________________________________________________________________


S1(config-if)# spanning-tree bpduguard enable

c. Globally configure all non-trunking ports on switch S3 with PortFast. Write the command in the space provided.

____________________________________________________________________________________

S3(config)# spanning-tree portfast default



d. Globally configure all non-trunking PortFast ports on switch S3 with BPDU guard. Write the command in the space provided.

____________________________________________________________________________________

S3(config)# spanning-tree portfast bpduguard default

Step 3: Examine Rapid PVST+ convergence.

a. Enter the debug spanning-tree events command in privileged EXEC mode on switch S3.

b. Create a topology change by enabling interface F0/1 on switch S3.



*Mar 1 01:28:34.946: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar 1 01:28:37.588: RSTP(1): initializing port Fa0/1

*Mar 1 01:28:37.588: RSTP(1): Fa0/1 is now designated





*Mar 1 01:28:37.597: RSTP(1): transmitting a proposal on Fa0/1



*Mar 1 01:28:37.597: RSTP(1): updt roles, received superior bpdu on Fa0/1

*Mar 1 01:28:37.597: RSTP(1): Fa0/1 is now root port

*Mar 1 01:28:37.597: RSTP(1): Fa0/3 blocked by re-root

*Mar 1 01:28:37.597: RSTP(1): synced Fa0/1

*Mar 1 01:28:37.597: RSTP(1): Fa0/3 is now alternate














*Mar 1 01:28:37.622: RSTP(1): transmitting an agreement on Fa0/1 as a response to a proposal





*Mar 1 01:28:38.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Using the time stamp from the first and last RSTP debug message, calculate the time that it took for the network to converge.

____________________________________________________________________________________

Answers may vary slightly but convergence time should be under a second.

Reflection

1. What is the main benefit of using Rapid PVST+?

_______________________________________________________________________________________

Rapid PVST+ decreases the time of Layer 2 convergence significantly over PVST+.

2. How does configuring a port with PortFast allow for faster convergence?

_______________________________________________________________________________________

PortFast allows for an access port to immediately transition into a forwarding state which decreases Layer 2 convergence time.

3. What protection does BPDU guard provide?

_______________________________________________________________________________________

BPDU guard protects the STP domain by disabling access ports that receive a BPDU. BPDUs can be used in a denial of service attack that changes a domain’s root bridge and forces an STP recalculation.

Appendix A – Switch Configuration Commands

Switch S1S1(config)# vlan 10




S1(config-vlan)# exit





S1(config-if)# interface f0/1










S1(config-if)# interface vlan 99


S1(config-if)# exit

S1(config)# spanning-tree vlan 1,10,99 root secondary




















S2(config-if)# exit

S2(config)# spanning-tree vlan 1,10,99 root primary

























S3(config-if)# exit


Device Configs – Final

Switch S1S1#show runBuilding configuration...

Current configuration : 1963 bytes!version 15.0no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname S1!boot-start-markerboot-end-marker!enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2!no aaa new-modelsystem mtu routing 1500!no ip domain-lookup!spanning-tree mode rapid-pvst



spanning-tree extend system-idspanning-tree vlan 1,10,99 priority 28672!vlan internal allocation policy ascending!interface FastEthernet0/1 switchport trunk native vlan 99 switchport mode trunk!interface FastEthernet0/2 shutdown!interface FastEthernet0/3 switchport trunk native vlan 99 switchport mode trunk!interface FastEthernet0/4 shutdown!interface FastEthernet0/5 shutdown!interface FastEthernet0/6 switchport access vlan 10 switchport mode access spanning-tree portfast spanning-tree bpduguard enable!interface FastEthernet0/7 shutdown!interface FastEthernet0/8 shutdown!interface FastEthernet0/9 shutdown!interface FastEthernet0/10 shutdown!interface FastEthernet0/11 shutdown!interface FastEthernet0/12 shutdown!interface FastEthernet0/13 shutdown!interface FastEthernet0/14 shutdown!interface FastEthernet0/15 shutdown!interface FastEthernet0/16 shutdown!



interface FastEthernet0/17 shutdown!interface FastEthernet0/18 shutdown!interface FastEthernet0/19 shutdown!interface FastEthernet0/20 shutdown!interface FastEthernet0/21 shutdown!interface FastEthernet0/22 shutdown!interface FastEthernet0/23 shutdown!interface FastEthernet0/24 shutdown!interface GigabitEthernet0/1 shutdown!interface GigabitEthernet0/2 shutdown!interface Vlan1 no ip address!interface Vlan99 ip address 192.168.1.11 255.255.255.0!ip http serverip http secure-server!line con 0 password cisco logging synchronous loginline vty 0 4 password cisco loginline vty 5 15 password cisco login!end

Switch S2S2#show run





!

version 15.0

no service pad




!

hostname S2

!

boot-start-marker

boot-end-marker

!


!

no aaa new-model


!

no ip domain-lookup

!



spanning-tree vlan 1,10,99 priority 24576

!


!




!


shutdown

!




!


shutdown

!




shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!




shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!

interface Vlan1

no ip address

!

interface Vlan99

ip address 192.168.1.12 255.255.255.0

!

ip http server


!

!

line con 0

password cisco

logging synchronous

login



line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end

Switch S3S3#show run



!

version 15.0

no service pad




!

hostname S3

!

boot-start-marker

boot-end-marker

!


!

no aaa new-model


!

no ip domain-lookup

!


spanning-tree portfast default

spanning-tree portfast bpduguard default


!


!






!


shutdown

!




!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown



!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


switchport access vlan 10

switchport mode access

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown



!

interface Vlan1

no ip address

!

interface Vlan99

ip address 192.168.1.13 255.255.255.0

!

ip http server


!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end


2.4.3.4 Lab – Configuring HSRP and GLBP (Instructor Version) 69

2.4.3.4 Lab – Configuring HSRP and GLBP (Instructor Version) Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default GatewayR1 G0/1 192.168.1.1 255.255.255.0 N/A

S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/AR2 S0/0/0 10.1.1.2 255.255.255.252 N/A

S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A

Lo1 209.165.200.225 255.255.255.224 N/AR3 G0/1 192.168.1.3 255.255.255.0 N/A

S0/0/1 10.2.2.1 255.255.255.252 N/AS1 VLAN 1 192.168.1.11 255.255.255.0 192.168.1.1S3 VLAN 1 192.168.1.13 255.255.255.0 192.168.1.3PC-A NIC 192.168.1.31 255.255.255.0 192.168.1.1PC-C NIC 192.168.1.33 255.255.255.0 192.168.1.3



Objectives

Part 1: Build the Network and Verify Connectivity

Part 2: Configure First Hop Redundancy using HSRP

Part 3: Configure First Hop Redundancy using GLBP


Spanning tree provides loop-free redundancy between switches within your LAN. However, it does not pro-vide redundant default gateways for end-user devices within your network if one of your routers fails. First Hop Redundancy Protocols (FHRPs) provide redundant default gateways for end devices with no end-user configuration necessary.

In this lab, you will configure two FHRPs. In Part 2, you will configure Cisco’s Hot Standby Routing Protocol (HSRP), and in Part 3 you will configure Cisco’s Gateway Load Balancing Protocol (GLBP).

Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. De-pending on the model and Cisco IOS version, the commands available and output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the correct interface identifiers.

Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources• 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)

• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)

• 2 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)


• Ethernet and serial cables as shown in the topology

Part 1: Build the Network and Verify ConnectivityIn Part 1, you will set up the network topology and configure basic settings, such as the interface IP address-es, static routing, device access, and passwords.


Attach the devices as shown in the topology diagram, and cable as necessary.



Step 2: Configure PC hosts.

Step 3: Initialize and reload the routers and switches as necessary.

Step 4: Configure basic settings for each router.



c. Configure IP addresses for the routers as listed in the Addressing Table.

d. Set clock rate to 128000 for all DCE serial interfaces.

e. Assign class as the encrypted privileged EXEC mode password.

f. Assign cisco for the console and vty password and enable login.

g. Configure logging synchronous to prevent console messages from interrupting command entry.





c. Assign class as the encrypted privileged EXEC mode password.

d. Configure IP addresses for the switches as listed in the Addressing Table.

e. Configure the default gateway on each switch.

f. Assign cisco for the console and vty password and enable login.

g. Configure logging synchronous to prevent console messages from interrupting command entry.


Step 6: Verify connectivity between PC-A and PC-C.

Ping from PC-A to PC-C. Were the ping results successful? ________________ Yes

If the pings are not successful, troubleshoot the basic device configurations before continuing.

Note: It may be necessary to disable the PC firewall to successfully ping between PCs.

Step 7: Configure routing.

a. Configure EIGRP on the routers and use AS of 1. Add all the networks, except 209.165.200.224/27 into the EIGRP process.

b. Configure a default route on R2 using Lo1 as the exit interface to 209.165.200.224/27 network and redis-tribute this route into the EIGRP process.



Step 8: Verify connectivity.

a. From PC-A, you should be able to ping every interface on R1, R2, R3, and PC-C. Were all pings success-ful? ______________ Yes

b. From PC-C, you should be able to ping every interface on R1, R2, R3, and PC-A. Were all pings success-ful? ______________ Yes

Part 2: Configure First Hop Redundancy Using HSRPEven though the topology has been designed with some redundancy (two routers and two switches on the same LAN network), both PC-A and PC-C are configured with only one gateway address. PC-A is using R1 and PC-C is using R3. If either of these routers or the interfaces on the routers went down, the PC could lose its connection to the Internet.

In Part 2, you will test how the network behaves both before and after configuring HSRP. To do this, you will determine the path that packets take to the loopback address on R2.

Step 1: Determine the path for Internet traffic for PC-A and PC-C.

a. From a command prompt on PC-A, issue a tracert command to the 209.165.200.225 loopback address of R2.

C:\ tracert 209.165.200.225

Tracing route to 209.165.200.225 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 192.168.1.1

2 13 ms 13 ms 13 ms 209.165.200.225

Trace complete.

What path did the packets take from PC-A to 209.165.200.225? _________________________________ PC-A to R1 to R2

b. From a command prompt on PC-C, issue a tracert command to the 209.165.200.225 loopback address of R2.

What path did the packets take from PC-C to 209.165.200.225? ________________________________ PC-C to R3 to R2

Step 2: Start a ping session on PC-A, and break the connection between S1 and R1.

a. From a command prompt on PC-A, issue a ping –t command to the 209.165.200.225 address on R2. Make sure you leave the command prompt window open.

Note: The pings continue until you press Ctrl+C, or until you close the command prompt window.

C:\ ping –t 209.165.200.225

Pinging 209.165.200.225 with 32 bytes of data:

Reply from 209.165.200.225: bytes=32 time=9ms TTL=254















<output omitted>

b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1. You can also shut down the S1 F0/5 interface, which creates the same result.

What happened to the ping traffic?

____________________________________________________________________________________

After the cable was disconnected from F0/5 on S1 (or the interface was shut down), pings failed. Sample output is below.

Request timed out.

Request timed out.

Request timed out.

Request timed out.

<output omitted>

c. Repeat Steps 2a and 2b on PC-C and S3. Disconnect cable from F0/5 on S3.

What were your results?

____________________________________________________________________________________

The results were the same as on PC-A. After the Ethernet cable was disconnected from F0/5 on S3, the pings failed.

d. Reconnect the Ethernet cables to F0/5 or enable the F0/5 interface on both S1 and S3, respectively. Re-issue pings to 209.165.200.225 from both PC-A and PC-C to make sure connectivity is re-established.

Step 3: Configure HSRP on R1 and R3.

In this step, you will configure HSRP and change the default gateway address on PC-A, PC-C, S1, and S2 to the virtual IP address for HSRP. R1 becomes the active router via configuration of the HSRP priority command.

a. Configure HSRP on R1.

R1(config)# interface g0/1

R1(config-if)# standby 1 ip 192.168.1.254

R1(config-if)# standby 1 priority 150

R1(config-if)# standby 1 preempt

b. Configure HSRP on R3.


R3(config-if)# standby 1 ip 192.168.1.254



c. Verify HSRP by issuing the show standby command on R1 and R3.

R1# show standby

GigabitEthernet0/1 - Group 1

State is Active

1 state change, last state change 00:02:11

Virtual IP address is 192.168.1.254

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.784 secs

Preemption enabled

Active router is local

Standby router is 192.168.1.3, priority 100 (expires in 9.568 sec)

Priority 150 (configured 150)

Group name is "hsrp-Gi0/1-1" (default)

R3# show standby

GigabitEthernet0/1 - Group 1

State is Standby

4 state changes, last state change 00:02:20

Virtual IP address is 192.168.1.254

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.128 secs

Preemption disabled

Active router is 192.168.1.1, priority 150 (expires in 10.592 sec)

Standby router is local

Priority 100 (default 100)

Group name is "hsrp-Gi0/1-1" (default)

Using the output shown above, answer the following questions:

Which router is the active router? _____________________ R1

What is the MAC address for the virtual IP address? ____________________________ 0000.0c07.ac01

What is the IP address and priority of the standby router?

____________________________________________________________________________________

____________________________________________________________________________________

IP address is 192.168.1.3 and the priority is 100 (the default which is less than that of R1, the active router, with a priority of 150).



d. Use the show standby brief command on R1 and R3 to view an HSRP status summary. Sample output is shown below.

R1# show standby brief

P indicates configured to preempt.

|

Interface Grp Pri P State Active Standby Virtual IP

Gi0/1 1 150 P Active local 192.168.1.3 192.168.1.254

R3# show standby brief

P indicates configured to preempt.

|

Interface Grp Pri P State Active Standby Virtual IP

Gi0/1 1 100 Standby 192.168.1.1 local 192.168.1.254

e. Change the default gateway address for PC-A, PC-C, S1, and S3. Which address should you use?

____________________________________________________________________________________

192.168.1.254

Verify the new settings. Issue a ping from both PC-A and PC-C to the loopback address of R2. Are the pings successful? __________ Yes

Step 4: Start a ping session on PC-A and break the connection between the switch that is con-nected to the Active HSRP router (R1).

a. From a command prompt on PC-A, issue a ping –t command to the 209.165.200.225 address on R2. Ensure that you leave the command prompt window open.

b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1 or shut down the F0/5 interface.


____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

A few packets may be dropped while the Standby router takes over. Sample output is shown below:


Request timed out.

Request timed out.


<output Omitted>

Step 5: Verify HSRP settings on R1 and R3.

a. Issue the show standby brief command on R1 and R3.

Which router is the active router? __________________________________ R3 is now the active router.



b. Reconnect the cable between the switch and the router or enable interface F0/5.

c. Disable the HSRP configuration commands on R1 and R3.


R1(config-if)# no standby 1


R3(config-if)# no standby 1

Part 3: Configure First Hop Redundancy Using GLBPBy default, HSRP does NOT do load balancing. The active router always handles all of the traffic, while the standby router sits unused, unless there is a link failure. This is not an efficient use of resources. GLBP pro-vides nonstop path redundancy for IP by sharing protocol and MAC addresses between redundant gateways. GLBP also allows a group of routers to share the load of the default gateway on a LAN. Configuring GLBP is very similar to HSRP. Load balancing can be done in a variety of ways using GLBP. In this lab, you will use the round-robin method.

Step 1: Configure GLBP on R1 and R3.

a. Configure GLBP on R1.


R1(config-if)# glbp 1 ip 192.168.1.254

R1(config-if)# glbp 1 preempt

R1(config-if)# glbp 1 priority 150

R1(config-if)# glbp 1 load-balancing round-robin

b. Configure GLBP on R3.


R3(config-if)# glbp 1 ip 192.168.1.254

R3(config-if)# glbp 1 load-balancing round-robin

Step 2: Verify GLBP on R1 and R3.

a. Issue the show glbp brief command on R1 and R3.

R1# show glbp brief

Interface Grp Fwd Pri State Address Active router Standby router

Gi0/1 1 - 150 Active 192.168.1.254 local 192.168.1.3

Gi0/1 1 1 - Active 0007.b400.0101 local -

Gi0/1 1 2 - Listen 0007.b400.0102 192.168.1.3 -

R3# show glbp brief

Interface Grp Fwd Pri State Address Active router Standby router

Gi0/1 1 - 100 Standby 192.168.1.254 192.168.1.1 local

Gi0/1 1 1 - Listen 0007.b400.0101 192.168.1.1 -

Gi0/1 1 2 - Active 0007.b400.0102 local -



Step 3: Generate traffic from PC-A and PC-C to the R2 loopback interface.

a. From a command prompt on PC-A, ping the 209.165.200.225 address of R2.

C:\> ping 209.165.200.225

b. Issue an arp –a command on PC-A. Which MAC address is used for the 192.168.1.254 address?

____________________________________________________________________________________

Answers will vary due to timing, but the MAC address will be either R1 or R3 GLBP G0/1 interface MAC.

c. Generate more traffic to the loopback interface of R2. Issue another arp –a command. Did the MAC ad-dress change for the default gateway address of 192.168.1.254?

______________________________________________________________________________

Yes. The MAC address changed from R1 to R3 and back. Note: You may need to have students generate traffic multiple times to see the change.

As you can see, both R1 and R3 play a role in forwarding traffic to the loopback interface of R2. Neither router remains idle.

Step 4: Start a ping session on PC-A, and break the connection between the switch that is con-nected to R1.

a. From a command prompt on PC-A, issue a ping –t command to the 209.165.200.225 address on R2. Make sure you leave the command prompt window open.

b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1 or shut down the F0/5 interface.


____________________________________________________________________________________

____________________________________________________________________________________

A few packets are dropped while transitioning to the Standby router. Sample output is shown below.


Request timed out.



Reflection

1. Why would there be a need for redundancy in a LAN?

_______________________________________________________________________________________

In today’s networks, down time can be a critical issue affecting sales, productivity, and general connectivity (IP Telephony phones for example).

2. If you had a choice, which protocol would you implement in your network, HSRP or GLBP? Explain your choice.

_______________________________________________________________________________________

Answers will vary. HSRP is easier to configure. There are more options with GLBP which can make it complex to configure.



Router Interface Summary Table

Router Interface SummaryRouter Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #21800 Fast Ethernet 0/0

(F0/0)Fast Ethernet 0/1 (F0/1)

Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)

1900 Gigabit Ethernet 0/0 (G0/0)

Gigabit Ethernet 0/1 (G0/1)

Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)

2801 Fast Ethernet 0/0 (F0/0)

Fast Ethernet 0/1 (F0/1)

Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)

2811 Fast Ethernet 0/0 (F0/0)

Fast Ethernet 0/1 (F0/1)

Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)

2900 Gigabit Ethernet 0/0 (G0/0)

Gigabit Ethernet 0/1 (G0/1)

Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the de-vice. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configs

Router R1 (After Part 3 of this lab)R1# show run



!

version 15.2




!

hostname R1

!

boot-start-marker

boot-end-marker


!

no aaa new-model

!

no ip domain lookup

ip cef



no ipv6 cef

multilink bundle-name authenticated

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!


no ip address

shutdown

duplex auto

speed auto

!


ip address 192.168.1.1 255.255.255.0

glbp 1 ip 192.168.1.254

glbp 1 priority 150

glbp 1 preempt

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.1.1.1 255.255.255.252

clock rate 128000

!


no ip address

shutdown

!

!

router eigrp 1

network 10.1.1.0 0.0.0.3

network 192.168.1.0

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!



!

control-plane

!

line con 0

password cisco

logging synchronous

login

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password cisco

login

transport input all

!

scheduler allocate 20000 1000

!

end

Router R2R2# show run



!

version 15.2




!

hostname R2

!

boot-start-marker

boot-end-marker

!



!


!

no aaa new-model

!

no ip domain lookup

ip cef

no ipv6 cef


!

interface Loopback1

ip address 209.165.200.225 255.255.255.224

!


no ip address

shutdown

!


no ip address

shutdown

duplex auto

speed auto

!


no ip address

shutdown

duplex auto

speed auto

!


ip address 10.1.1.2 255.255.255.252

!


ip address 10.2.2.2 255.255.255.252

clock rate 128000

!

!

router eigrp 1

network 10.1.1.0 0.0.0.3

network 10.2.2.0 0.0.0.3



redistribute static

!


!

no ip http server


!

ip route 0.0.0.0 0.0.0.0 Loopback1

!

!

control-plane

!

!

line con 0

password cisco

logging synchronous

login

line aux 0

line 2


no exec


transport input all


stopbits 1

line vty 0 4

password cisco

login

transport input all

!


!

end

Router R3 (After Part 3 of this Lab)R3# show run



!



version 15.2




!

hostname R3

!

boot-start-marker

boot-end-marker

!

!


!

no aaa new-model

!

no ip domain lookup

ip cef

no ipv6 cef


!


no ip address

shutdown

!


no ip address

shutdown

duplex auto

speed auto

!


ip address 192.168.1.3 255.255.255.0

glbp 1 ip 192.168.1.254

duplex auto

speed auto

!


no ip address

shutdown

clock rate 2000000



!


ip address 10.2.2.1 255.255.255.252

!

!

router eigrp 1

network 10.2.2.0 0.0.0.3

network 192.168.1.0

!


!

no ip http server


!

!

!

control-plane

!

line con 0

password cisco

logging synchronous

login

line aux 0

line 2


no exec


transport input all


stopbits 1

line vty 0 4

password cisco

login

transport input all

!


!

end






!

version 15.0

no service pad




!

hostname S1

!

boot-start-marker

boot-end-marker

!


!

no aaa new-model


!

!

no ip domain-lookup

!

crypto pki trustpoint TP-self-signed-2530377856

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2530377856

revocation-check none

rsakeypair TP-self-signed-2530377856

!

!

!1panning-tree mode pvst


!


!

!


!




!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!




!


!


!


!


!

interface Vlan1

ip address 192.168.1.11 255.255.255.0

!

ip default-gateway 192.168.1.254

ip http server


!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end




!

version 15.0

no service pad






!

hostname S3

!

boot-start-marker

boot-end-marker

!


!

no aaa new-model


!

!

no ip domain-lookup

!

!

crypto pki trustpoint TP-self-signed-2530358400

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2530358400

revocation-check none

rsakeypair TP-self-signed-2530358400

!

!

!



!


!


!


!


!


!


!




!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!




!

interface Vlan1

ip address 192.168.1.13 255.255.255.0

!

ip default-gateway 192.168.1.254

ip http server


!

!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end


2.5.1.1 Class Activity– Documentation Tree (Instructor Version) 91

2.5.1.1 Class Activity– Documentation Tree (Instructor Version) Red font color or Gray highlights indicate text that appears in the instructor copy only.

ObjectiveIdentify common STP configuration issues.

This activity may be completed individually or in small groups.

ScenarioThe employees in your building are having difficulty accessing a web server on the network. You look for the net-work documentation that the previous network engineer used before he transitioned to a new job; however, you cannot find any network documentation whatsoever.Therefore, you decide create your own network recordkeeping system. You decide to start at the access layer of your network hierarchy. This is where redundant switches are located, as well as the company servers, printers, and local hosts.You create a matrix to record your documentation and include access layer switches on the list. You also decide to document switch names, ports in use, cabling connections, and root ports, designated ports, and alternate ports.For more detailed instructions on how to design your model, use the student PDF that accompanies this activity.

Resources• Packet Tracer software

• Word processing software

Directions

Step 1: Create the topology diagram with three redundant switches.

Step 2: Connect host devices to the switches.

Step 3: Create the switch documentation matrix.a. Name and switch location b. General switch descriptionc. Model, IOS version, and image named. Switch serial numbere. MAC addressf. Ports currently in useg. Cable connectionsh. Root portsi. Designated ports, status, and costj. Alternate ports, status, and cost

Step 4: Use show commands to locate Layer 2 switch information.a. show version

b. show cdp neighbors detail

c. show spanning-tree



Instructor – Example Activity Answer

Topology Diagram Example

Documentation Form Example (S1 only)

Switch Name and Location S1 – Main Distribution FacilityGeneral Switch Description Access Layer Switch – grants network access for PCs

01-03Switch Model, IOS Version, and Image Name WS-C2960-24TT

12.2C2960-LANBASE-M

Switch Serial Number FOC1033Z1EYSwitch MAC Address 0050.0F5C.A2D1Ports in Use Fa0/2

Fa0/3Fa0/1Gi1/1Gi1/2

Cable Connections Fa0/2 connected to PC-02Fa0/3 connected to PC-03Fa0/1 connected to PC-01Gi1/1 connected to S2 Gi1/1Gi1/2 connected to S3 Gi1/2

Root Port Gi1/2Designated Port(s), Status, and Cost Fa0/1, Forwarding, Cost 19

Fa0/3, Forwarding, Cost 19Fa0/2, Forwarding, Cost 19

Alternate Port(s), Status, and Cost (non-designated port) Gi1/1, Blocking, Cost 4



S1# show version

Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2005 by Cisco Systems, Inc.

Compiled Wed 12-Oct-05 22:05 by pt_team

ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)

System returned to ROM by power-on

Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.

24 FastEthernet/IEEE 802.3 interface(s)

2 Gigabit Ethernet/IEEE 802.3 interface(s)

63488K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address : 0050.0F5C.A2D1

Motherboard assembly number : 73-9832-06

Power supply part number : 341-0097-02

Motherboard serial number : FOC103248MJ

Power supply serial number : DCA102133JA

Model revision number : B0

Motherboard revision number : C0

Model number : WS-C2960-24TT

System serial number : FOC1033Z1EY

Top Assembly Part Number : 800-26671-02

Top Assembly Revision Number : B0

Version ID : V02

CLEI Code Number : COM3K00BRA

Hardware Board Revision Number : 0x01

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 26 WS-C2960-24TT 12.2 C2960-LANBASE-M

Configuration register is 0xF

S1#

S1# show cdp neighbors detail



Device ID: S2

Entry address(es):

Platform: cisco 2960, Capabilities: Switch

Interface: GigabitEthernet1/1, Port ID (outgoing port): GigabitEthernet1/1

Holdtime: 151

Version :




advertisement version: 2

Duplex: full

---------------------------

Device ID: S3

Entry address(es):

Platform: cisco 2960, Capabilities: Switch

Interface: GigabitEthernet1/2, Port ID (outgoing port): GigabitEthernet1/2

Holdtime: 151

Version :




advertisement version: 2

Duplex: full

S1#


VLAN0001



Address 0001.635E.CE64

Cost 4

Port 26(GigabitEthernet1/2)





Address 0050.0F5C.A2D1


Aging Time 20


---------------- ---- --- --------- -------- --------------------------------




Gi1/1 Altn BLK 4 128.25 P2p

Gi1/2 Root FWD 4 128.26 P2p

S1#

Identify elements of the model that map to IT-related content: • Designated ports

• Root ports

• Alternate ports

• STP switch commands output

• LAN, Access-Layer documentation


9.3.1.2 – EIGRP Capstone Project (Instructor Version) 547

Joined group address(es):

FF02::1

FF02::2

FF02::A

FF02::1:FF00:4

FF02::1:FF0E:5201

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

Hosts use stateless autoconfig for addresses.

Serial0/1/1 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::2D0:BCFF:FE0E:5202

No Virtual link-local address(es):

Global unicast address(es):

2001:DB8:ACAD:9::6, subnet is 2001:DB8:ACAD:9::6/127


FF02::1

FF02::2

FF02::A

FF02::1:FF00:6

FF02::1:FF0E:5202

MTU is 1500 bytes








IPv6 is enabled, link-local address is FE80::202:4AFF:FE35:602



2001:DB8:ABCD::, subnet is 2001:DB8:ABCD::/127


FF02::1

FF02::2

FF02::A

FF02::1:FF00:0

FF02::1:FF35:602

MTU is 1500 bytes





Chapter 9 — IOS Images and Licensing548




Vlan1 is administratively down, line protocol is down

Internet protocol processing disabled

ISP# show ipv6 interface

GigabitEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::260:2FFF:FE66:401



2001:DB8:CAFE:1::, subnet is 2001:DB8:CAFE:1::/64


FF02::1

FF02::2

FF02::1:FF00:0

FF02::1:FF66:401

MTU is 1500 bytes






ND advertised reachable time is 0 milliseconds

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium



IPv6 is enabled, link-local address is FE80::260:3EFF:FE10:B901



2001:DB8:ABCD::1, subnet is 2001:DB8:ABCD::/127


FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FF10:B901

MTU is 1500 bytes











Branch1# show ipv6 interface


IPv6 is enabled, link-local address is FE80::201:C9FF:FE85:3A01



2001:DB8:ACAD:1:FFFF:FFFF:FFFF:FFFF, subnet is 2001:DB8:ACAD:1::/64


FF02::1

FF02::2

FF02::A

FF02::1:FF85:3A01

FF02::1:FFFF:FFFF

MTU is 1500 bytes













IPv6 is enabled, link-local address is FE80::201:C9FF:FE85:3A02



2001:DB8:ACAD:2:FFFF:FFFF:FFFF:FFFF, subnet is 2001:DB8:ACAD:2::/64


FF02::1

FF02::2

FF02::A

FF02::1:FF85:3A02

FF02::1:FFFF:FFFF

MTU is 1500 bytes















IPv6 is enabled, link-local address is FE80::202:17FF:FEE2:A401



2001:DB8:ACAD:9::1, subnet is 2001:DB8:ACAD:9::/127


FF02::1

FF02::2

FF02::A

FF02::1:FF00:1

FF02::1:FFE2:A401

MTU is 1500 bytes









Show IPv6 RouteHQ# show ipv6 route

IPv6 Routing Table - 17 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route, M - MIPv6

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

D - EIGRP, EX - EIGRP external

S ::/0 [1/0]

via ::, Serial0/2/1

C 2001:DB8:ABCD::/127 [0/0]

via ::, Serial0/2/1

L 2001:DB8:ABCD::/128 [0/0]

via ::, Serial0/2/1

D 2001:DB8:ACAD::/60 [5/2169856]

via ::, Null0

D 2001:DB8:ACAD::/61 [90/2170112]

via FE80::2D0:FFFF:FE73:E101, Serial0/0/1

D 2001:DB8:ACAD::/62 [90/2170112]

via FE80::202:17FF:FEE2:A401, Serial0/0/0



D 2001:DB8:ACAD:5::/64 [90/2170112]

via FE80::20D:BDFF:FE23:9801, Serial0/1/0

D 2001:DB8:ACAD:6::/64 [90/2170112]

via FE80::20D:BDFF:FE23:9801, Serial0/1/0

C 2001:DB8:ACAD:9::/127 [0/0]

via ::, Serial0/0/0

L 2001:DB8:ACAD:9::/128 [0/0]

via ::, Serial0/0/0

C 2001:DB8:ACAD:9::2/127 [0/0]

via ::, Serial0/0/1

L 2001:DB8:ACAD:9::2/128 [0/0]

via ::, Serial0/0/1

C 2001:DB8:ACAD:9::4/127 [0/0]

via ::, Serial0/1/0

L 2001:DB8:ACAD:9::4/128 [0/0]

via ::, Serial0/1/0

C 2001:DB8:ACAD:9::6/127 [0/0]

via ::, Serial0/1/1

L 2001:DB8:ACAD:9::6/128 [0/0]

via ::, Serial0/1/1

L FF00::/8 [0/0]

via ::, Null0

Branch1# show ipv6 route

IPv6 Routing Table - 17 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route, M - MIPv6

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

D - EIGRP, EX - EIGRP external

EX ::/0 [170/7289856]

via FE80::260:3EFF:FE77:E701, Serial0/0/0

D 2001:DB8:ABCD::/127 [90/2681856]


D 2001:DB8:ACAD::/60 [90/2682112]


D 2001:DB8:ACAD::/61 [90/2682112]


D 2001:DB8:ACAD::/62 [5/2816]

via ::, Null0

C 2001:DB8:ACAD:1::/64 [0/0]

via ::, GigabitEthernet0/0

L 2001:DB8:ACAD:1:FFFF:FFFF:FFFF:FFFF/128 [0/0]


C 2001:DB8:ACAD:2::/64 [0/0]




L 2001:DB8:ACAD:2:FFFF:FFFF:FFFF:FFFF/128 [0/0]


D 2001:DB8:ACAD:5::/64 [90/2682112]


D 2001:DB8:ACAD:6::/64 [90/2682112]


C 2001:DB8:ACAD:9::/127 [0/0]

via ::, Serial0/0/0

L 2001:DB8:ACAD:9::1/128 [0/0]

via ::, Serial0/0/0

D 2001:DB8:ACAD:9::2/127 [90/2681856]


D 2001:DB8:ACAD:9::4/127 [90/2681856]


D 2001:DB8:ACAD:9::6/127 [90/2681856]


L FF00::/8 [0/0]

via ::, Null0

Show IPv6 ProtocolsHQ# show ipv6 protocol

IPv6 Routing Protocol is "connected"

IPv6 Routing Protocol is "static

IPv6 Routing Protocol is "eigrp 100"

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100

EIGRP maximum metric variance 1

Interfaces:

Serial0/0/0

Serial0/0/1

Serial0/1/0

Serial0/1/1

Serial0/2/1

Redistributing: eigrp 100, static

Address Summarization:

2001:DB8:ACAD::/60 for Serial0/2/1

Maximum path: 16

Distance: internal 90 external 170

Branch1#show ipv6 protocol

IPv6 Routing Protocol is "connected"

IPv6 Routing Protocol is "static

IPv6 Routing Protocol is "eigrp 100"

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100



EIGRP maximum metric variance 1

Interfaces:

GigabitEthernet0/0

GigabitEthernet0/1

Serial0/0/0

Redistributing: eigrp 100

Address Summarization:

2001:DB8:ACAD::/62 for Serial0/0/0

Maximum path: 16

Distance: internal 90 external 170

Show IPv6 EIGRP TopologyHQ# show ipv6 eigrp topology

IPv6-EIGRP Topology Table for AS 100/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - Reply status

P 2001:DB8:ACAD:9::4/127, 1 successors, FD is 2169856

via Connected, Serial0/1/0



P 2001:DB8:ACAD:9::/127, 1 successors, FD is 2169856



via FE80::20D:BDFF:FE23:9801 (2170112/2816), Serial0/1/0


via FE80::20D:BDFF:FE23:9801 (2170112/2816), Serial0/1/0



P 2001:DB8:ACAD::/61, 1 successors, FD is 2170112

via FE80::2D0:FFFF:FE73:E101 (2170112/2816), Serial0/0/1


via FE80::202:17FF:FEE2:A401 (2170112/2816), Serial0/0/0


via Summary (2169856/0), Null0

P ::/0, 1 successors, FD is 6777856

via Rstatic (6777856/0)

P 2001:DB8:ABCD::/127, 1 successors, FD is 2169856


Branch1# show ipv6 eigrp topology

IPv6-EIGRP Topology Table for AS 100/ID(2.2.2.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - Reply status




via Connected, GigabitEthernet0/0


via Connected, GigabitEthernet0/1




via Summary (2816/0), Null0


via FE80::260:3EFF:FE77:E701 (2681856/2169856), Serial0/0/0













P ::/0, 1 successors, FD is 7289856


P 2001:DB8:ABCD::/127, 1 successors, FD is 2681856


Show IPv6 Access ListsHQ# show ipv6 access-list

IPv6 access list WEB_ACCESS

permit tcp host 2001:DB8:ACAD::1 host 2001:DB8:CAFE:1::3 eq www

permit tcp host 2001:DB8:ACAD::1 host 2001:DB8:CAFE:1::3 eq 443







deny tcp any host 2001:DB8:CAFE:1::3 eq www

deny tcp any host 2001:DB8:CAFE:1::3 eq 443

permit ipv6 any any



Branch1# show ipv6 access-list

IPv6 access list NO_ACCESS

permit tcp host 2001:DB8:ACAD::1 host 2001:DB8:ACAD:1:FFFF:FFFF:FFFF:FFFF eq telnet

permit tcp host 2001:DB8:ACAD::2 host 2001:DB8:ACAD:2:FFFF:FFFF:FFFF:FFFF eq telnet

deny tcp any host 2001:DB8:ACAD:2:FFFF:FFFF:FFFF:FFFF eq telnet

deny tcp any host 2001:DB8:ACAD:1:FFFF:FFFF:FFFF:FFFF eq telnet



9.3.1.3 – OSPF Capstone Project (Instructor Version) Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objectives• Configure basic OSPFv2 to enable internetwork communications in a small- to medium-sized IPv4 business

network.

• Implement advanced OSPF features to enhance operation in a small- to medium-sized business network.

• Implement multiarea OSPF for IPv4 to enable internetwork communications in a small- to medium-sized busi-ness network.

• Configure basic OSPFv3 to enable internetwork communications in a small- to medium-sized IPv6 business network.

Instructor Notes:

• Students should be able to design, configure, and secure OSPF in a network.

• Documentation is a large factor of this project and students must be able to explain their network design and verification through the use of show commands.

• This activity is:

- Best completed in groups of 2-3 students

- Suggested to be a graded assignment after completing all of the OSPF Chapters

Scenario

Your company has made the decision to implement the OSPF routing protocol on its network. You have decid-ed that you need to review the concepts related to OSPF in order to make a smooth transition to this protocol.

Create a network using Packet Tracer. Configure the network with these OSPF routing protocol options:

• Multiarea OSPFv2

• Single-area OSPFv3

• Bandwidth

• Cost

• Authentication

• Default routes

• DR and BDR elections for segments

Required Resources• Packet Tracer

• Student/group-created rubric for assessment of the assignment

Step 1: Design and build a network from scratch.

a. Your design must include three routers connected to a multi-access network in area 0 for use with IPv4.

1) Enable authentication.

2) Establish the DR and BDR using the router id command.

Step 2: Add one additional router with two connections to area 0, representing another OSPF area.


9.3.1.3 – OSPF Capstone Project (Instructor Version) 557

Step 3: Configure the bandwidth or cost to favor one route.

Step 4: Add a network containing end devices and a passive OSPF interface.

Step 5: Add a route to a default network such as the Internet.

Step 6: Add an IPv6 addressing scheme on the routers and configure OSPFv3.

a. Enable IPv6 unicast routing.

b. Establish the DR and BDR using the router id command.

c. Do not configure timers, bandwidth, cost, default routes, or authentication.

Instructor-Sample Rubric

The example rubric includes a total of 100 points for the points earned category, if minimum standards are met. Instructors may wish to consider adding bonus points for additional/advanced work in any requirement category.

Requirement Points EarnedPhysical Topology

• A minimum three routers are present in area 0.

• One router exists in another area.

• One Internet connection with one PC exists in the topology.

(10 suggested)

Logical Addressing and Connectivity

• IPv4 and IPv6 networks should have full connectiv-ity. Connectivity is verified with pings to every IP, including the Internet.

(20 suggested)

OSPF Requirement 1

• Two OSPFv2 areas exist.

• Two OSPFv3 areas exist.

(20 suggested)

OSPF Requirement 2

• OSPF authentication and passive interfaces are used to secure the protocol.

(20 suggested)

OSPF Requirement 3

• Router IDs are used for the election of the DR and BDR.

(10 suggested)

OSPF Requirement 4

• The OSPF cost is changed to manipulate preferred routes.

(10 suggested)

OSPF Requirement 5

• Static routes and default information originate are used to reach the Internet.

(10 suggested)



Instructor Topology Example Solution

Suggested Addressing Table

Device InterfaceIPv4 Address Subnet Mask Default Gateway

IPv6 Address/Prefix Router ID

R1

G0/0 172.16.1.1 255.255.255.0

10.1.1.1G0/2 10.0.0.1 255.255.255.0G0/0 2001:DB8:1:11::1/64G0/2 2001:DB8:1:123::1/64Link-local FE80::1

R2

G0/0 172.16.2.1 255.255.255.0

10.2.2.2

G0/2 10.0.0.2 255.255.255.0S0/0/0 64.104.73.242 255.255.255.240G0/0 2001:DB8:1:22::1/64G0/2 2001:DB8:1:123::2/64S0/0/0 2001:DB8:1:2::1/64Link-local FE80::2

R3

G0/0 172.16.0.1 255.255.255.0

10.3.3.3G0/2 10.0.0.2 255.255.255.0G0/0 2001:DB8:1:33::1/64G0/2 2001:DB8:1:123::3/64Link-local FE80::3

A2

G0/0 172.16.2.2 255.255.255.0

2.2.2.2G0/2 172.16.1.2 255.255.255.0G0/0 2001:DB8:1:22::2/64G0/2 2001:DB8:1:11::2/64Link-local FE80::A

L3NIC 172.16.0.1 255.255.255.0 172.16.0.1NIC 2001:DB8:1:33::1/64 FE80::3



Device Configurations After Completion of the ActivityR1# show run



!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec


!

hostname R1

!

ipv6 unicast-routing

!

license udi pid CISCO2911/K9 sn FTX1524UZ5Y

!


!


ip address 172.16.1.1 255.255.255.0

ip ospf message-digest-key 1 md5 Area2

duplex auto

speed auto

ipv6 address FE80::1 link-local

ipv6 address 2001:DB8:1:11::1/64

ipv6 ospf 1 area 2

!


no ip address

duplex auto

speed auto

shutdown

!


ip address 10.0.0.1 255.255.255.0


duplex auto

speed auto


ipv6 address 2001:DB8:1:123::1/64

ipv6 ospf 1 area 0

!


no ip address

shutdown



!


no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

router-id 10.1.1.1

log-adjacency-changes

area 0 authentication message-digest


network 10.0.0.0 0.0.0.255 area 0

network 172.16.1.0 0.0.0.255 area 2

!

ipv6 router ospf 1

router-id 10.1.1.1


!

ip classless

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

end

R2# show run



!

version 15.1




!

hostname R2

!


!



license udi pid CISCO2911/K9 sn FTX1524GRRS

!


!


ip address 172.16.2.1 255.255.255.0


duplex auto

speed auto


ipv6 address 2001:DB8:1:22::1/64

ipv6 ospf 1 area 2

!


no ip address

duplex auto

speed auto

shutdown

!


ip address 10.0.0.2 255.255.255.0


duplex auto

speed auto


ipv6 address 2001:DB8:1:123::2/64

ipv6 ospf 1 area 0

!


ip address 64.104.73.242 255.255.255.240


ipv6 address 2001:DB8:1:2::1/64

ipv6 ospf 1 area 0

!


no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

router-id 10.2.2.2






passive-interface Serial0/0/0

network 10.0.0.0 0.0.0.255 area 0

network 172.16.2.0 0.0.0.255 area 2

default-information originate

!

ipv6 router ospf 1

router-id 10.2.2.2


!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

end

R3# show run



!

version 15.1




!

hostname R3

!


!

license udi pid CISCO2911/K9 sn FTX15247W10

!


!


ip address 172.16.0.1 255.255.255.0


duplex auto

speed auto




ipv6 address 2001:DB8:1:33::1/64

ipv6 ospf 1 area 0

!


no ip address

duplex auto

speed auto

shutdown

!


ip address 10.0.0.3 255.255.255.0


duplex auto

speed auto


ipv6 address 2001:DB8:1:123::3/64

ipv6 ospf 1 area 0

!


no ip address

shutdown

!


no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

router-id 10.3.3.3



passive-interface GigabitEthernet0/0

network 10.0.0.0 0.0.0.255 area 0

network 172.16.0.0 0.0.0.255 area 0

!

ipv6 router ospf 1

router-id 10.3.3.3


!

ip classless

!

line con 0

!



line aux 0

!

line vty 0 4

login

!

end

A2# show run



!

version 15.1




!

hostname A2

!


!

license udi pid CISCO2911/K9 sn FTX1524DVBW

!


!


ip address 172.16.2.2 255.255.255.0


ip ospf cost 2000

duplex auto

speed auto

ipv6 address FE80::A link-local

ipv6 address 2001:DB8:1:22::2/64

ipv6 ospf 1 area 2

!


ip address 172.16.1.2 255.255.255.0


ip ospf cost 1000

duplex auto

speed auto

ipv6 address FE80::A link-local

ipv6 address 2001:DB8:1:11::2/64

ipv6 ospf 1 area 2

!




no ip address

duplex auto

speed auto

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

router-id 2.2.2.2



network 172.16.2.0 0.0.0.255 area 2

!

ipv6 router ospf 1

router-id 2.2.2.2


!

ip classless

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

End

Show IP RouteR1>en

R1# show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 10.0.0.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.0.0.0/24 is directly connected, GigabitEthernet0/2

L 10.0.0.1/32 is directly connected, GigabitEthernet0/2



172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

O 172.16.0.0/24 [110/2] via 10.0.0.3, 00:02:18, GigabitEthernet0/2

C 172.16.1.0/24 is directly connected, GigabitEthernet0/0

L 172.16.1.1/32 is directly connected, GigabitEthernet0/0

O IA 172.16.2.0/24 [110/2] via 10.0.0.2, 00:02:18, GigabitEthernet0/2

O*E2 0.0.0.0/0 [110/1] via 10.0.0.2, 00:02:18, GigabitEthernet0/2

Show IP ProtocolsR1# show ip protocols

Routing Protocol is "ospf 1"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Router ID 10.1.1.1

Number of areas in this router is 2. 2 normal 0 stub 0 nssa

Maximum path: 4

Routing for Networks:

10.0.0.0 0.0.0.255 area 0

172.16.1.0 0.0.0.255 area 2

Routing Information Sources:

Gateway Distance Last Update

10.1.1.1 110 00:08:18

10.2.2.2 110 00:07:29

10.3.3.3 110 00:07:38

Distance: (default is 110)

Show IP OSPF NeighborR1# show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.3.3.3 1 FULL/DR 00:00:33 10.0.0.3 GigabitEthernet0/2

10.2.2.2 1 FULL/BDR 00:00:33 10.0.0.2 GigabitEthernet0/2

Show IP Interface BriefR1# show ip int brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 172.16.1.1 YES manual up up

GigabitEthernet0/1 unassigned YES unset administratively down down

GigabitEthernet0/2 10.0.0.1 YES manual up up

Serial0/0/0 unassigned YES unset administratively down down

Serial0/0/1 unassigned YES unset administratively down down

Vlan1 unassigned YES unset administratively down down


chapter 2 lan redundancy -...

Documents